CVE-2020-7263

Dear All,

We are running ENS 10.6.1 and we are aware that it should be upgraded with the July update; however, can anyone help me understand its severity? I mean, put it in layman's terms, so that it will be helpful for me to proceed further and take the required actions.

 

Also, help me understand more about CVE-2020-7264.

 

TIA,

Venu

5 Replies
Former Member
Message 2 of 6

Re: CVE-2020-7263

Hello @vnaidu 

Thanks for your post.

Please refer to the KB articles below, which have all the information regarding CVE-2020-7264:

https://kc.mcafee.com/corporate/index?page=content&id=SB10316

https://kc.mcafee.com/corporate/index?page=content&id=SNS2420&locale=en_US

 


Re: CVE-2020-7263

Dear @Former Member ,

I have read the article; however, I would like to know what the current status of the versions is if they are not upgraded, and what the status is if they are upgraded to the recommended versions or hotfixes. I would like to know the severity and the status.

Can you please explain it to me in detail.

Regards,

Venu

Former Member
Message 4 of 6

Re: CVE-2020-7263

@vnaidu 

Thank you for sharing your concerns.

Below is the impact and severity rating for CVE-2020-7263

 Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
 CVE ID: CVE-2020-7263
 Severity Rating: Medium
 CVSS v3 Base/Temporal Scores: 6.5 / 5.4
 Recommendations: Update to one of the following Endpoint Security (ENS) versions:
  • ENS 10.7.0 July 2020 Update
  • ENS 10.6.1 July 2020 Update

 

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

Please, let me know if the above information helps! 

Former Member
Message 6 of 6

Re: CVE-2020-7263

Hello @vnaidu 

Thanks for your response.

Please check the information below:

https://kc.mcafee.com/corporate/index?page=content&id=SB10314

 Impact of Vulnerability: Permissions, Privileges, and Access Controls – CWE-264
 CVE ID: CVE-2020-7263
 Severity Rating: Medium
 CVSS v3 Base/Temporal Scores: 6.5 / 5.4
 Recommendations: Update to one of the following Endpoint Security (ENS) versions:
  • ENS 10.7.0 July 2020 Update
  • ENS 10.6.1 July 2020 Update

 

ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.

The ENS July 2020 Update introduces a new Access Protection rule "Unauthorized execution of EsConfigTool" that is enabled by default. Administrators can disable the rule if they want to run the tool to export or import policies locally. They then need to re-enable the rule after use of the tool.

ENS offers the ability to lock the client interface, and to require a password when exporting and importing configuration. McAfee recommends that both features are enabled. Steps to enable these options are described in the Workaround section (SB10314).

CVE-2020-7263 – ENS configuration can be edited by attacker with local administrator permissions
Improper access control vulnerability in ESConfigTool.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 July 2020 Update allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

I hope that the above information will help you.
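The replies above describe the weakness in plain terms: the exported configuration is encrypted, but the key is the same in every build of the tool, so anyone who can run ESConfigTool.exe can decrypt the export, edit it, re-encrypt it and have ENS apply the result. The recommended workaround (require a password for export/import) and the general fix for this class of flaw are easier to see side by side. The Python below is an added illustration, not McAfee code and not a description of the real ENS export format: the actual cipher and key are not given on this page, so a toy SHA-256 keystream stands in for the cipher, `BUILT_IN_KEY` is a placeholder, and the policy field names are constructed for the demo. It shows the shared-key importer accepting a rewritten policy, then a password-keyed, HMAC-checked importer refusing both a wrong password and a blind tamper.

```python
"""Toy model of a config export/import scheme with a shared built-in key
(the design flaw behind CVE-2020-7263) next to a password-keyed,
integrity-checked variant. Added illustration only: the real ENS format,
cipher and key are not described on this page, so a SHA-256 keystream
stands in for whatever cipher ESConfigTool actually uses."""
import hashlib
import hmac
import secrets

# Constructed sample policy text; field names are invented for the demo.
SAMPLE_POLICY = "AccessProtection=enabled\nOnAccessScan=enabled\nFirewall=enabled\n"


def _keystream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || block_index) blocks.
    Symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


# --- Vulnerable design: one key baked into every copy of the tool -----------
BUILT_IN_KEY = b"placeholder-key-shared-by-all-builds"   # assumption, not the real key


def weak_export(policy):
    return _keystream_xor(BUILT_IN_KEY, policy.encode())


def weak_import(blob):
    # No integrity tag and no secret the attacker lacks: anything decrypts.
    return _keystream_xor(BUILT_IN_KEY, blob).decode()


def attacker_rewrites(blob):
    """What a local admin holding the tool's key can do: decrypt, edit, re-encrypt."""
    text = weak_import(blob).replace("=enabled", "=disabled")
    return weak_export(text)


# --- Hardened design: admin-chosen password, fresh salt, HMAC over the blob --
def _derive_keys(password, salt):
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]            # encryption key, MAC key


def hardened_export(policy, password):
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(password, salt)
    ct = _keystream_xor(enc_key, policy.encode())
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct             # 16-byte salt | 32-byte tag | ciphertext


def hardened_import(blob, password):
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("import rejected: wrong password or tampered configuration")
    return _keystream_xor(enc_key, ct).decode()


def import_rejected(blob, password):
    """True if the hardened importer refuses the blob under this password."""
    try:
        hardened_import(blob, password)
    except ValueError:
        return True
    return False


def flip_ciphertext_bytes(blob):
    """Attacker without the password tries a blind bit-flip on the ciphertext."""
    return blob[:48] + bytes(b ^ 0x01 for b in blob[48:])


if __name__ == "__main__":
    tampered = attacker_rewrites(weak_export(SAMPLE_POLICY))
    print("weak importer applied:\n" + weak_import(tampered))
    good = hardened_export(SAMPLE_POLICY, "admin-export-password")
    print("hardened round trip ok:", hardened_import(good, "admin-export-password") == SAMPLE_POLICY)
    print("wrong password rejected:", import_rejected(good, "guess"))
    print("blind bit-flip rejected:", import_rejected(flip_ciphertext_bytes(good), "admin-export-password"))
```

Two things carry over from the toy to the real product. First, confidentiality was never the issue: a local administrator is expected to read the policy, so "encryption" with a key every installation shares adds nothing, and the missing piece is integrity tied to a secret the attacker does not hold. Second, the thread's mitigations map onto that: the import/export password supplies the secret, and the default-on Access Protection rule stops the tool from being run at all unless an administrator deliberately disables the rule for the duration of a legitimate export or import.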
